Amazon Linux 2 : firefox (ALASFIREFOX-2024-026)

The version of firefox installed on the remote host is prior to 115.12.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2FIREFOX-2024-026 advisory. RESERVEDNOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2022-30/CVE-2022-2205 CVE-2022-2205 An attack...

CVE-2022-25479

Vulnerability in Realtek RtsPer driver for PCIe Card Reader RtsPer.sys before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader RtsUer.sys before 10.0.22000.31274 allows for the leakage of kernel memory from both the stack and the heap...

Hanwha Vision NVR Remote Code Execution (CVE-2023-6095)

An attacker could inject arbitrary attack code by manipulating HTTP headers. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to succeed...

Hanwha Vision NVR Remote Code Execution (CVE-2023-6116)

An attacker could inject arbitrary attack code by manipulating http url parameters. However, in order to succeed in the attack, the base address of the stack memory must be obtained. The default address depends on firmware version, configuration option information, and the attack is unlikely to...

PT-2024-5389 · Libcurl +5 · Libcurl +5

Name of the Vulnerable Software and Affected Versions: libcurl affected versions not specified Description: The issue is related to libcurl's ASN1 parser, specifically the utf8asn1str function used for parsing an ASN.1 UTF-8 string. When an invalid field is detected, the function returns an error...

CVE-2024-32930

In pluginipchandler of slcplugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-32920

In setsecurereg of sachandler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-32930

In pluginipchandler of slcplugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-32930

In pluginipchandler of slcplugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-32930

CVE-2024-32930 involves a flaw in the plugin_ipc_handler of the slc_plugin.c module, where uninitialized data can cause a local information disclosure of 4 bytes from the stack. Exploitation is described as local with no user interaction and no additional execution privileges required. The provid...

CVE-2024-32920

CVE-2024-32920 describes an out-of-bounds read in set_secure_reg of sac_handler.c, caused by a missing bounds check. This can disclose 4 bytes of stack memory locally without extra privileges or user interaction. Affected software/components, root cause, and explicit remediation are not provided ...

CVE-2024-32920

In setsecurereg of sachandler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-32920

In setsecurereg of sachandler.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2024-24975 · Google · Android

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a missing bounds check in the set secure reg function of sac handler.c, which can lead to an out of bounds read. This could resu...

RHEL 8 : cairo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cairo: infinite loop in the function arcerrornormalized in the file cairo-arc.c CVE-2019-6462 - cairo...

RHEL 7 : kernel-rt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kernel: Geneve/IPsec traffic may be unencrypted between two Geneve endpoints CVE-2020-25645 - An issue wa...

PUB-A-322223921

In pluginipchandler of slcplugin.c, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure of 4 bytes of stack memory with no additional execution privileges needed. User interaction is not needed for exploitation...

DEBIAN-CVE-2024-36032

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed...

UBUNTU-CVE-2024-36032

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix info leak when fetching fw build id Add the missing sanity checks and move the 255-byte build-id buffer off the stack to avoid leaking stack data through debugfs in case the build-info reply is malformed...

DEBIAN-CVE-2021-47477

In the Linux kernel, the following vulnerability has been resolved: comedi: dt9812: fix DMA buffers on stack USB transfer buffers are typically mapped for DMA and must not be allocated on the stack or transfers will fail. Allocate proper transfer buffers in the various command helpers and return ...